Outlook issues due to Exchange Server AMSI integration

Since Exchange Server 2016 CU21 and Exchange Server 2019 CU10, users have been reporting Outlook problems. The Outlook application freezes, and nothing helps until Internet Information Services (IIS) or the Exchange Server is completely restarted. However, when users use Outlook Web Access (OWA), everything works fine. Let’s look at why this happens, and why it particularly affects Outlook clients.

Exchange Server AMSI integration

The Antimalware Scan Interface (AMSI) is a versatile interface standard that allows your applications and services to integrate with any antimalware product that’s present on a machine. AMSI provides enhanced malware protection for your end-users and their data, applications, and workloads.

Microsoft introduced AMSI integration in these Exchange Server CUs:

Disable AMSI in security product

AMSI integration does not work well with some security products installed on the Exchange Server. Disable AMSI in the security product and restart the Exchange Server.

Not every security product causes these Outlook performance problems. So far, we have seen them with Sophos and McAfee. Disable AMSI within the security product temporarily and check if that helps.

Below you can find an example of how to disable AMSI Protection in Sophos.

[Screenshot: Disable AMSI protection in Sophos]

AMSI on Exchange Server

What if you want to revert to how it was? Everything worked fine before, and since Exchange Server 2016 CU21 / Exchange Server 2019 CU10, or higher, it no longer works as you expect. Is there a way to disable the AMSI integration on the Exchange Server instead of disabling AMSI in the security product? Yes, you can.

You can disable AMSI on the Exchange Server with PowerShell. You can use a PowerShell script or run the commands manually. Note that you need to run Exchange Management Shell as administrator.

After you disable or enable AMSI, you have to restart Internet Information Services (IIS) on the machine, which will disrupt connectivity. So make sure to do this when there is no impact on the server or during a maintenance period.

Disable AMSI with PowerShell script

An excellent way to disable Windows AMSI is to download the Test-AMSI.ps1 PowerShell script provided by Microsoft. The script has a great set of features.

Download Test-AMSI.ps1 PowerShell script

Place the Test-AMSI.ps1 PowerShell script in the C:\scripts folder on the Exchange Server. If you don’t have a scripts folder, create one. Make sure the file is unblocked to prevent any errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Run both commands to disable AMSI on the Exchange Server.

[PS] C:\scripts>.\Test-AMSI.ps1 -DisableAMSI

[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS

Run these two commands to enable AMSI on the Exchange Server.

[PS] C:\scripts>.\Test-AMSI.ps1 -EnableAMSI

[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS

Disable AMSI with PowerShell

If you want to run the commands manually without the PowerShell script, run these three commands to create a new server override.

[PS] C:\>New-SettingOverride -Name DisablingAMSIScan -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"

[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh

[PS] C:\>Restart-Service -Name W3SVC, WAS -Force

Once your testing is complete, re-enable the AMSI integration. Run the commands to remove the setting override.

[PS] C:\>Remove-SettingOverride -Identity DisablingAMSIScan -Confirm:$false

[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh

[PS] C:\>Restart-Service -Name W3SVC, WAS -Force

That’s it!
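To confirm that no override is left behind after testing, you can audit the setting overrides from the Exchange Management Shell. This is an added example, not part of the original article or of Microsoft's Test-AMSI.ps1; the function name `Get-AmsiDisableOverride` is hypothetical, and the property names read from `Get-SettingOverride` are assumed to match its output.

```powershell
# Added example: audit for setting overrides that switch off Exchange AMSI scanning.
# Run in the Exchange Management Shell. The property names used below
# (Name, ComponentName, SectionName, Parameters, Server, Reason) are assumed
# to match the objects returned by Get-SettingOverride.

function Get-AmsiDisableOverride {
    # Return every override that targets Cafe/HttpRequestFiltering with Enabled=False,
    # regardless of the name it was created under.
    Get-SettingOverride | Where-Object {
        $_.ComponentName -eq 'Cafe' -and
        $_.SectionName -eq 'HttpRequestFiltering' -and
        ($_.Parameters -contains 'Enabled=False')
    }
}

$overrides = @(Get-AmsiDisableOverride)

if ($overrides.Count -eq 0) {
    Write-Host 'No setting override disables AMSI request scanning.' -ForegroundColor Green
}
else {
    Write-Warning ("{0} override(s) disable AMSI request scanning:" -f $overrides.Count)
    $overrides | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            # An empty Server list means the override is not scoped to named servers.
            Scope  = if ($_.Server) { $_.Server -join ', ' } else { 'All servers' }
            Reason = $_.Reason
        }
    } | Format-Table -AutoSize
}
```

Because the filter matches on component, section and parameter rather than on the name DisablingAMSIScan, it also finds overrides created under a different name.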

Conclusion

Do you get complaints from users that Outlook is freezing, and did you by any chance upgrade to Exchange Server 2016 CU21, Exchange Server 2019 CU10, or later? Check the security product on the Exchange Server and disable AMSI integration within the security product. If that’s not an option and you want to disable the newly introduced AMSI feature on the Exchange Server, run the PowerShell script or commands to disable AMSI.

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.
